gitlab-org--gitlab-foss/lib/api/helpers.rb

module API
  module APIHelpers
    def current_user
      @current_user ||= User.find_by_authentication_token(params[:private_token] || env["HTTP_PRIVATE_TOKEN"])
    end

    def user_project
      @project ||= find_project
      @project || not_found!
    end

    def find_project
      project = Project.find_by_id(params[:id]) || Project.find_with_namespace(params[:id])

      if project && can?(current_user, :read_project, project)
        project
      else
        nil
      end
    end

    def paginate(object)
      object.page(params[:page]).per(params[:per_page].to_i)
    end

    def authenticate!
      unauthorized! unless current_user
    end

    def authenticated_as_admin!
      forbidden! unless current_user.is_admin?
    end

    def authorize! action, subject
      unless abilities.allowed?(current_user, action, subject)
        forbidden!
      end
    end

    def can?(object, action, subject)
      abilities.allowed?(object, action, subject)
    end

    # Checks the occurrences of required attributes, each attribute must be present in the params hash
    # or a Bad Request error is invoked.
    #
    # Parameters:
    #   keys (required) - A hash consisting of keys that must be present
    def required_attributes!(keys)
      keys.each do |key|
        bad_request!(key) unless params[key].present?
      end
    end

    def attributes_for_keys(keys)
      attrs = {}
      keys.each do |key|
        attrs[key] = params[key] if params[key].present?
      end
      attrs
    end

    # error helpers

    def forbidden!
      render_api_error!('403 Forbidden', 403)
    end

    def bad_request!(attribute)
      message = ["400 (Bad request)"]
      message << "\"" + attribute.to_s + "\" not given"
      render_api_error!(message.join(' '), 400)
    end

    def not_found!(resource = nil)
      message = ["404"]
      message << resource if resource
      message << "Not Found"
      render_api_error!(message.join(' '), 404)
    end

    def unauthorized!
      render_api_error!('401 Unauthorized', 401)
    end

    def not_allowed!
      render_api_error!('Method Not Allowed', 405)
    end

    def render_api_error!(message, status)
      error!({'message' => message}, status)
    end

    private

    def abilities
      @abilities ||= begin
                       abilities = Six.new
                       abilities << Ability
                       abilities
                     end
    end
  end
end
Refactor API classes. So api classes like Gitlab::Issues become API::Issues 2013-05-14 12:33:31 +00:00			`module API`
add users API 2012-06-27 11:32:56 +00:00			`module APIHelpers`
			`def current_user`
API: private token via header 2012-10-02 15:43:35 +00:00			`@current_user \|\|= User.find_by_authentication_token(params[:private_token] \|\| env["HTTP_PRIVATE_TOKEN"])`
add users API 2012-06-27 11:32:56 +00:00			`end`

refactor projects API 2012-07-06 13:08:17 +00:00			`def user_project`
Fix namespace api autocomplete 2012-12-12 10:54:28 +00:00			`@project \|\|= find_project`
			`@project \|\| not_found!`
			`end`

			`def find_project`
			`project = Project.find_by_id(params[:id]) \|\| Project.find_with_namespace(params[:id])`

			`if project && can?(current_user, :read_project, project)`
			`project`
return 404 if project not found 2012-07-25 12:24:28 +00:00			`else`
Fix namespace api autocomplete 2012-12-12 10:54:28 +00:00			`nil`
return 404 if project not found 2012-07-25 12:24:28 +00:00			`end`
refactor projects API 2012-07-06 13:08:17 +00:00			`end`

add pagination to API 2012-09-03 11:46:29 +00:00			`def paginate(object)`
			`object.page(params[:page]).per(params[:per_page].to_i)`
			`end`

add users API 2012-06-27 11:32:56 +00:00			`def authenticate!`
Error throwing moved to api_helper 2012-09-10 07:41:46 +00:00			`unauthorized! unless current_user`
add users API 2012-06-27 11:32:56 +00:00			`end`
Auth for API 2012-09-10 06:06:11 +00:00
#1585 Api for user creation: base implementation 2012-10-02 09:46:01 +00:00			`def authenticated_as_admin!`
			`forbidden! unless current_user.is_admin?`
			`end`

Auth for API 2012-09-10 06:06:11 +00:00			`def authorize! action, subject`
			`unless abilities.allowed?(current_user, action, subject)`
Error throwing moved to api_helper 2012-09-10 07:41:46 +00:00			`forbidden!`
Auth for API 2012-09-10 06:06:11 +00:00			`end`
			`end`

Fix namespace api autocomplete 2012-12-12 10:54:28 +00:00			`def can?(object, action, subject)`
			`abilities.allowed?(object, action, subject)`
			`end`

API: extracted helper method to validate required parameters, code clean up Added a helper method to check if required parameters are given in an API call. Can be used to return a `400 Bad Request` return code if a required attribute is missing. Code clean up and fixed tests. 2013-02-27 16:50:30 +00:00			`# Checks the occurrences of required attributes, each attribute must be present in the params hash`
			`# or a Bad Request error is invoked.`
			`#`
			`# Parameters:`
			`# keys (required) - A hash consisting of keys that must be present`
			`def required_attributes!(keys)`
			`keys.each do \|key\|`
			`bad_request!(key) unless params[key].present?`
			`end`
			`end`

Method name changed 2012-09-16 17:08:57 +00:00			`def attributes_for_keys(keys)`
API attributes refactored 2012-09-16 16:51:04 +00:00			`attrs = {}`
			`keys.each do \|key\|`
			`attrs[key] = params[key] if params[key].present?`
			`end`
			`attrs`
			`end`

Error throwing moved to api_helper 2012-09-10 07:41:46 +00:00			`# error helpers`

			`def forbidden!`
Common errors method added 2012-09-10 10:49:00 +00:00			`render_api_error!('403 Forbidden', 403)`
Error throwing moved to api_helper 2012-09-10 07:41:46 +00:00			`end`

API: extracted helper method to provide 400 bad request error with description Extracted a method for 400 error (Bad request) and adjusted code accordingly. The name of the missing attribute is used to show which one was missing from the request. It is used to give an appropriate message in the json response. 2013-02-13 14:48:52 +00:00			`def bad_request!(attribute)`
			`message = ["400 (Bad request)"]`
			`message << "\"" + attribute.to_s + "\" not given"`
			`render_api_error!(message.join(' '), 400)`
			`end`

Error throwing moved to api_helper 2012-09-10 07:41:46 +00:00			`def not_found!(resource = nil)`
			`message = ["404"]`
			`message << resource if resource`
			`message << "Not Found"`
Common errors method added 2012-09-10 10:49:00 +00:00			`render_api_error!(message.join(' '), 404)`
Error throwing moved to api_helper 2012-09-10 07:41:46 +00:00			`end`

			`def unauthorized!`
Common errors method added 2012-09-10 10:49:00 +00:00			`render_api_error!('401 Unauthorized', 401)`
Error throwing moved to api_helper 2012-09-10 07:41:46 +00:00			`end`

			`def not_allowed!`
Common errors method added 2012-09-10 10:49:00 +00:00			`render_api_error!('Method Not Allowed', 405)`
			`end`

			`def render_api_error!(message, status)`
			`error!({'message' => message}, status)`
Error throwing moved to api_helper 2012-09-10 07:41:46 +00:00			`end`

APi for commits. Better api docs 2012-09-21 10:22:30 +00:00			`private`
Auth for API 2012-09-10 06:06:11 +00:00
			`def abilities`
			`@abilities \|\|= begin`
			`abilities = Six.new`
			`abilities << Ability`
			`abilities`
			`end`
			`end`
add users API 2012-06-27 11:32:56 +00:00			`end`
			`end`